Netgate Discussion Forum
    IPSec Mobile Clients (2.2.3) - No Connection

    dave_vooservers:

      Hi all,
      Wondered if anyone could shed some light on the following? I have set up Phase 1 and Phase 2 IPsec for mobile clients; essentially we have some clients that need to dial in to the L2TP VPN from an office, but the office network hardware doesn't support site-to-site tunnels (which the firewall is already configured with).

      What I'm seeing in the IPSec log is:

      Jan 6 11:01:30 charon: 07[NET] <2> received packet: from 82.132.220.195[49990] to 91.212.182.118[4500] (92 bytes)
      Jan 6 11:01:30 charon: 07[ENC] <2> invalid ID_V1 payload length, decryption failed?
      Jan 6 11:01:30 charon: 07[ENC] <2> could not decrypt payloads
      Jan 6 11:01:30 charon: 07[IKE] <2> message parsing failed
      Jan 6 11:01:30 charon: 07[IKE] <2> message parsing failed
      Jan 6 11:01:30 charon: 07[ENC] <2> generating INFORMATIONAL_V1 request 3156362578 [ HASH N(PLD_MAL) ]
      Jan 6 11:01:30 charon: 07[NET] <2> sending packet: from 91.212.182.118[500] to 82.132.220.195[49989] (76 bytes)
      Jan 6 11:01:30 charon: 07[IKE] <2> ID_PROT request with message ID 0 processing failed
      Jan 6 11:01:30 charon: 07[IKE] <2> ID_PROT request with message ID 0 processing failed

      This was me trying to connect from an Android-based Samsung S5, running CyanogenMod 12, if it matters.

      I have set up the Phase 1/2 according to the following:
      https://doc.pfsense.org/index.php/IPsec_Road_Warrior/Mobile_Client_How-To#IPsec_Server_Setup
      In the "Mobile Clients" tab, I have used the subnet 10.20.30.0/24.
      In the Ph2m the Local Network has been set as the interface connected to the infrastructure's management network (what we want the dial-in users to be able to access; these are on 10.10.26.0/24).

      I input the firewall's WAN IP in the phone, the username and password created in User Manager, and the Ph1 pre-shared key. The phone simply reports "Connection Unsuccessful", with no other useful output.

      Any ideas? More config details can be supplied if needed. Thanks.

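The charon lines in the post above are the one piece of hard evidence available, so it helps to read them systematically. Below is a small triage script written by the editor as an added example (it is not code from the post, from pfSense, or from strongSwan); it assumes the line layout shown in the post, `<Mon D HH:MM:SS> charon: NN[GROUP] <SA-id> message`, groups lines by IKE_SA id, records which UDP ports the peer reached, collects error lines, and maps them to coarse findings. The sample log is the post's own lines re-typed as constructed test input. The "main-mode-decrypt-failure" rule encodes a standard diagnosis: in IKEv1 main mode the ID payload is the first encrypted payload, so when charon cannot decrypt it the keys derived on the two sides differ, and in practice a pre-shared key or identifier mismatch is the usual first suspect; the proposal-mismatch and authentication-failed rules go beyond the post and match notify names strongSwan uses in other failure cases.

```python
"""Triage helper for strongSwan 'charon' IKEv1 log lines.

Editor's added example; not code from the forum post, pfSense or strongSwan.
Assumes the line layout shown in the post: '<Mon D HH:MM:SS> charon: NN[GROUP] <SA-id> message'.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+charon:\s+"
    r"(?P<thread>\d+)\[(?P<group>[A-Z]+)\]\s+<(?P<sa>\d+)>\s+(?P<msg>.*)$"
)
PKT_RE = re.compile(
    r"(?P<dir>received|sending) packet: from (?P<src>[\d.]+)\[(?P<sport>\d+)\]"
    r" to (?P<dst>[\d.]+)\[(?P<dport>\d+)\]"
)
NOTIFY_RE = re.compile(r"N\(([A-Z_]+)\)")

# Substrings that mark a line as an error worth keeping (includes IKEv2 notify names
# beyond the post's own IKEv1 case).
ERROR_HINTS = ("failed", "could not", "invalid", "no proposal",
               "NO_PROPOSAL_CHOSEN", "AUTHENTICATION_FAILED")

# Constructed sample: the lines quoted in the post above, re-typed here as test input.
SAMPLE_LOG = """\
Jan 6 11:01:30 \tcharon: 07[NET] <2> received packet: from 82.132.220.195[49990] to 91.212.182.118[4500] (92 bytes)
Jan 6 11:01:30 \tcharon: 07[ENC] <2> invalid ID_V1 payload length, decryption failed?
Jan 6 11:01:30 \tcharon: 07[ENC] <2> could not decrypt payloads
Jan 6 11:01:30 \tcharon: 07[IKE] <2> message parsing failed
Jan 6 11:01:30 \tcharon: 07[IKE] <2> message parsing failed
Jan 6 11:01:30 \tcharon: 07[ENC] <2> generating INFORMATIONAL_V1 request 3156362578 [ HASH N(PLD_MAL) ]
Jan 6 11:01:30 \tcharon: 07[NET] <2> sending packet: from 91.212.182.118[500] to 82.132.220.195[49989] (76 bytes)
Jan 6 11:01:30 \tcharon: 07[IKE] <2> ID_PROT request with message ID 0 processing failed
Jan 6 11:01:30 \tcharon: 07[IKE] <2> ID_PROT request with message ID 0 processing failed
"""


def parse_line(line):
    """Split one charon line into timestamp, thread, log group, IKE_SA id and message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sa"] = int(rec["sa"])
    return rec


def _new_sa():
    return {"peer": None, "peer_ports": set(), "local_ports": set(), "nat_t": False,
            "last_rx_port": None, "reply_port_mismatch": False,
            "errors": [], "notifies_sent": [], "findings": []}


def classify(s):
    """Map one SA's raw error lines to coarse, actionable findings."""
    findings = []
    errs = " | ".join(s["errors"])
    decrypt_fail = "could not decrypt payloads" in errs or "decryption failed" in errs
    if decrypt_fail and "ID_PROT" in errs:
        # Main mode: the first encrypted message (carrying the ID payload) could not be
        # decrypted, so the two sides derived different keys. A pre-shared key or
        # identifier mismatch is the usual first suspect; check PSK and Phase 1 mode.
        findings.append("main-mode-decrypt-failure")
    elif decrypt_fail:
        findings.append("decrypt-failure")
    if "NO_PROPOSAL_CHOSEN" in errs or "no proposal" in errs:
        findings.append("proposal-mismatch")
    if "AUTHENTICATION_FAILED" in errs:
        findings.append("authentication-failed")
    if "PLD_MAL" in s["notifies_sent"]:
        findings.append("replied-payload-malformed")
    if s["nat_t"]:
        findings.append("nat-t-udp4500-reached")   # client packets do reach UDP 4500
    if s["reply_port_mismatch"]:
        findings.append("reply-port-differs-from-last-rx")
    if s["errors"] and not findings:
        findings.append("unclassified-failure")
    return findings


def triage(log_text):
    """Group lines by IKE_SA id and return a per-SA summary dict with findings."""
    sas = defaultdict(_new_sa)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        s, msg = sas[rec["sa"]], rec["msg"]
        pkt = PKT_RE.search(msg)
        if pkt:
            if pkt["dir"] == "received":
                s["peer"] = pkt["src"]
                s["peer_ports"].add(int(pkt["sport"]))
                s["local_ports"].add(int(pkt["dport"]))
                s["last_rx_port"] = int(pkt["sport"])
                if int(pkt["dport"]) == 4500:   # NAT-T port reached
                    s["nat_t"] = True
            else:
                s["peer"] = pkt["dst"]
                s["peer_ports"].add(int(pkt["dport"]))
                s["local_ports"].add(int(pkt["sport"]))
                if s["last_rx_port"] is not None and int(pkt["dport"]) != s["last_rx_port"]:
                    s["reply_port_mismatch"] = True   # reply not sent to the port we last heard from
        if "generating" in msg:
            s["notifies_sent"].extend(NOTIFY_RE.findall(msg))
        if rec["group"] in ("ENC", "IKE") and any(h in msg for h in ERROR_HINTS):
            s["errors"].append(msg)
    for s in sas.values():
        s["findings"] = classify(s)
    return dict(sas)


if __name__ == "__main__":
    for sa_id, summary in triage(SAMPLE_LOG).items():
        print(f"IKE_SA <{sa_id}> peer={summary['peer']} nat_t={summary['nat_t']} "
              f"errors={len(summary['errors'])} findings={summary['findings']}")
```

Run against a block copied from the pfSense IPsec log, the script reports, for the post's lines, `main-mode-decrypt-failure` together with `nat-t-udp4500-reached`: the phone's packets do arrive on UDP 4500 and the exchange gets as far as the first encrypted main-mode message before charon gives up, which points at the key material (pre-shared key and identifier settings on both ends) rather than at firewall rules or reachability. The `reply-port-differs-from-last-rx` flag only records that the reply went to client port 49989 while the last packet came from 49990; that is worth a look when a NAT sits in front of the client, but the script draws no conclusion from it.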
      dave_vooservers:

        Any ideas on this guys?

        If not, any suggestions on better tutorials or setups to use to give a Mac user an L2TP/IPsec connection into the firewall? It just has to be dial-in; we can't use a site-to-site for him.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.